Opened on Jun 20, 2018 at 7:22:55 PM
Closed on Jun 26, 2018 at 9:08:16 AM
Last modified on Jul 6, 2018 at 9:31:13 AM
#10371 closed defect (fixed)
Incorrectly assumes ETag and MD5 are equivalent
Reported by: | rpkelly | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 6.7.0 |
Component: | s3 | Version: | 6.6.1 |
Severity: | normal | Keywords: | |
Cc: | Architecture: | ||
Platform: |
Description
Cyberduck assumes that the ETag returned by S3 is equivalent to the MD5 checksum of the file's content. This is not a valid assumption. The ETag will only be the MD5 of the object data when the object is stored as plaintext or encrypted using SSE-S3. If the object is encrypted using another method (such as SSE-C or SSE-KMS) the ETag is not the MD5 of the object data. If the object was created via a multipart upload, the ETag is not the MD5 of the object data.
Attachments (3)
Change History (10)
comment:1 Changed on Jun 25, 2018 at 2:28:44 PM by dkocher
- Component changed from core to s3
- Owner set to dkocher
- Summary changed from Cyberduck incorrectly assumes ETag and MD5 are equivalent for S3 to Incorrectly assumes ETag and MD5 are equivalent
comment:2 Changed on Jun 25, 2018 at 2:29:27 PM by dkocher
comment:3 Changed on Jun 25, 2018 at 6:29:50 PM by rpkelly
See the attached screenshots. Cyberduck displays a warning saying there is a mismatch. I also calculate the MD5 of the file via the command line and am attaching a screenshot of the ETag shown in the S3 console.
comment:4 Changed on Jun 25, 2018 at 6:48:06 PM by dkocher
- Milestone set to 7.0
- Status changed from new to assigned
comment:5 Changed on Jun 26, 2018 at 9:08:16 AM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:6 Changed on Jul 5, 2018 at 7:38:04 PM by dkocher
- Milestone changed from 7.0 to 6.6.3
comment:7 Changed on Jul 6, 2018 at 9:31:13 AM by dkocher
- Milestone changed from 6.6.3 to 6.7.0
Milestone renamed
What makes you think that we make this false assumption?